krb5: Expand breadcrumb commentary in _krb5_get_host_realm_int()
This commit is contained in:
Nicolas Williams
@@ -220,11 +220,20 @@ _krb5_get_host_realm_int(krb5_context context,
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* If 'p' is NULL, we did not find an explicit realm mapping in either the
|
* If 'p' is NULL, we did not find an explicit realm mapping in either the
|
||||||
* configuration file or DNS. Try the hostname suffix as a last resort.
|
* configuration file or DNS. Try the hostname suffix -upcased- as a realm
|
||||||
|
* as a last resort.
|
||||||
*
|
*
|
||||||
* XXX: If we implement a KDC-specific variant of this function just for
|
* NOTE: If we implement a KDC-specific variant of this function just for
|
||||||
* referrals, we could check whether we have a cross-realm TGT for the
|
* referrals, we could check whether we have a cross-realm TGT for the
|
||||||
* realm in question, and if not try the parent (loop again).
|
* realm in question, and if not try the parent (loop again). Such a
|
||||||
|
* variant would have to have access to the HDB, naturally.
|
||||||
|
*
|
||||||
|
* We should start by adding an argument to this function that
|
||||||
|
* indicates whether this fallback here is desired (the KDC wouldn't
|
||||||
|
* desire it). Then when the KDC gets KRB5_ERR_HOST_REALM_UNKNOWN
|
||||||
|
* from this function, the KDC would search the HDB for cross-realm
|
||||||
|
* krbtgt principals that denote a hierarchical path to a realm that
|
||||||
|
* matches the host's domain suffix (or a suffix of it...).
|
||||||
*/
|
*/
|
||||||
if (p == NULL) {
|
if (p == NULL) {
|
||||||
p = strchr(host, '.');
|
p = strchr(host, '.');
|
||||||
|
|||||||
Reference in New Issue
Block a user